Re: IPv6 tunnel over NAT

[Pekka Savola <pekkas@netcore.fi>]

On Fri, 27 Sep 2002, Rob Austein wrote:
> At Fri, 27 Sep 2002 08:44:36 +0300 (EEST), Pekka Savola wrote:
> > 
> > On Fri, 27 Sep 2002 itojun@iijlab.net wrote:
> > > 	there's a widely-practiced alternative to Teredo, and which does not
> > > 	need any special behavior from NAT wrt UDP translation behavior.
> > > 
> > > 	IPv6 over PPP over TCP/SSH.  it needs no documentation.
> > 
> > No TCP over TCP, please... :-(
> 
> In the general case, I would agree, but this is not the general case.
> The question is whether IPv6/PPP/xyz/TCP is good enough for the
> particular case of hosts stuck behind a NAT that they cannot remove or
> upgrade.  I think that the answer in this case may well be "yes".
> 
> Please note that using PPP tunneling would also give us a handle on
> some of the nasty relay issues involved with Terado, since they would
> convert the exciting problem of what to do with tunneled packets from
> strangers into a boring matter of setting up accounts for each PPP
> identity, something that most ISPs already know how to do.
[...]

I do not believe, as of late, that Teredo will be the right solution.

Instead, I think we just need a generic bidirectional tunnel through the 
NAT; in addition to using some UDP port there should be some keepalives 
and such of course.  Plain and simple, always works, no problems at all.

Except it must be manually configured.  Can't be helped, really, but 
Teredo was always a cornercase anyway.

-- 
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords